Hi!
We are currently installing a new WLAN for a large public customer with 2500+ APs. Controle plane security is enabled and we have observed that some APs are provisioned with "factory-cert" and some are using the "switch-cert".
My understanding is, if the AP is coming with a pre-installed factory certificate this will be used for CPsec, if it is coming without the switch certificate is installed.
Now the customer has concerns that the factory-cert may be less secure than the switch-cert.
Therefore my question, what is the factory-cert? Is it a default one which is used for all APs or is it an individual certificate for every AP?
If it is a default certificate, which would be less secure, is there a way to delete it from the AP to force the installation of the switch certificates?
Thanks a lot for every answer!
Best regards
Markus